MMS2011: Microsoft Moves to Bolster Platform Security

Earlier today a few Windows IT Pro editors had the opportunity to sit down with Garth Fort, Microsoft's general manager of System Center and Forefront, and ask him some questions about the new additions to the System Center product family being announced at the show this week. Our 30 minute discussion touched on a variety of topics, but one of the most interesting points of discussion was how Microsoft was handling platform security.

Over the last several years, Microsoft products have been on the receiving end of some harsh criticism from a security standpoint. I'd argue that a fair amount of that criticism is unfair, given Microsoft's dominant market share as the desktop OS of choice for the vast majority of PC users. Malware creators and cybercriminals have their development decisions driven by market share: They know that the vast majority of potential targets are running Windows, so they can achieve the greatest return on their development investment by targeting the OS with the largest installed base of users. By comparison, Macintosh and other non-Windows computer platforms have much smaller market shares, making it unprofitable for criminals to spend as much time and effort targeting them.

So the news earlier today from MMS 2011 that Microsoft was now bundling Forefront Endpoint Protection in the Core Client Access License (CAL) Suite indicated that Microsoft is taking a more aggressive stance towards embedding security in their own products and platforms. Some MMS2011 attendees welcomed the news, judging by their tweets from the conference keynote announcing the news (see below).Fort reinforced that idea during our discussion, saying that Microsoft was well-served by putting more attention on platform security.

"When I came into this role I started asking hard questions. Are we really trying to be in the security business or are we trying to build secure platforms?," Fort said. "I believe the right thing for Microsoft to do is to take security and deeply embed it in all the products. Exchange should be secured by default, Windows should be secured by default, etc. We're going to drive a lot of that core identity and security technology into the platform."

Fort believes that the Forefront product family can add additional value on top of that enhanced platform security. "If you want to apply baselines and policies, you need a set of tools [like Forefront] that help you harness that."

By making FEP 2010 a part of the core CAL, Microsoft is also signaling to traditional endpoint security vendors -- like McAfee and Symantec -- that it intends to take a more proactive and aggressive stance when it comes to bolstering the security of Windows platforms and services. This continues a strategy that Microsoft started a few years ago with the release of Microsoft Security Essentials, a free consumer endpoint security product that was criticized by security vendors for competing with their paid product offerings.

I'll be covering MMS2011 here in Las Vegas all week, along with my Windows IT Pro colleagues Michael Otey, Sean Deuby (@shorinsean), and Zac Wiggy (@zacwiggy). Are you attending MMS 2011 this year? Let me know what you think of the show by commenting on this blog post or following me on Twitter.